All Arc, All the Time

One thing is for sure, even though it is a new year, cyber security threats aren’t going away.  One of our first lines of defense against a cyber security threat is you!

Most recent cyber security attacks start with a simple e-mail known as a phishing message.  These messages are intended to look like an email from someone or a company that you may possibly know.  It may even appear as if it’s the name of a person you know within your company.  Most of these suspicious messages will have either an attachment that you are asked to open or a link to a website.

If you receive an unexpected message with a link or attachment, take a moment before proceeding to act on the message to see if there’s anything that “just doesn’t look right”.  Make sure the email address is the actual address of the sender.  One of the easiest ways to verify a message is legitimate is to call or email the person whom sent you the message and verify they sent it (if it is a person you know).

I’m often asked, “What information is ok to put online?”.  Well, the truth of the matter is, a lot of your information already is online.  Public record laws have allowed for much of what you and I would consider “private” information to be placed online in searchable formats.  Having a Facebook or Twitter account isn’t going to compromise your identity anymore than saying hello to someone at the grocery store.  There are some tips though that you can follow to ensure that you don’t get taken advantage of.

• Lock it down – Both Facebook and Twitter (along with most other forms of social media) allow you to restrict your posts/profile to “Friends or followers” only.  This is a must.  By default, your posts are public so make sure you check your security settings and don’t share your posts with the world.
• Don’t post your job info –  Posting where you work makes it easier for the “bad guys” to find you, combine that with a little more information about your life and it could put you in a compromising position.
• Avoid vacation announcements – So you’re going on vacation, great!  Don’t tell everyone about it until you get back.  As long as you trust everyone you know on your “friends” list, it’s probably ok, but, if you’re not sure you have you profile locked down correctly this is a definite no no.

• Lock it down – Both Facebook and Twitter (along with most other forms of social media) allow you to restrict your posts/profile to “Friends or followers” only.  This is a must.  By default, your posts are public so make sure you check your security settings and don’t share your posts with the world.
• Don’t post your job info – You work at a defense contractor, posting where you work probably isn’t a good idea, especially to the public.  Posting where you work makes it easier for the “bad guys” to find you, combine that with a little more information about your life and it could put you in a compromising position. 
• Avoid vacation announcements – So you’re going on vacation, great!  Don’t tell everyone about it until you get back.  As long as you trust everyone you know on your “friends” list, it’s probably ok, but, if you’re not sure you have you profile locked down correctly this is a definite no no.

E-mail spoofing is becoming more and more prevalent and targeted in recent months.  E-mail spoofing is the creation of an e-mail message with a forged sender address attempting to make the recipient believe it is from a legitimate source.  Industry experts report that the quantity of spoofed e-mails is going down but the quality of the e-mails being sent is going up.  These e-mail messages typically target employees in positions with access to sensitive information and appear to come from someone in leadership at a company.  These e-mails may include official company identifying information up to and including company logos.

Below is an example of a spoofed e-mail:

Jason (Name of an Accounting Clerk),

How are you doing?  I need you to setup an outgoing wire transfer of $18,250.22 to the account below.  We’ve got to make a deposit on our acquisition.  Please keep this quiet as many people do not yet know about this transaction.

Bank Name: First Nation B&T
Holder’s Name: James Rogers
Account Number: 123456
Routing Number: 123456

E-mail me the confirmation number when it’s done.  I’ll be here.

Thanks,
Roger (Name of the CEO)

The above names were fictitious but imagine if you received that e-mail and it looked like it was from your CEO and had your company logo.  The best advice that I can give is some you’ve heard for quite a while, if it JDLR (just don’t look right) it probably isn’t.  We all get busy and our attention gets diverted so it is easy for us to forget to apply the JDLR filter before clicking a link or taking action on something that looks legitimate.  The security of  information starts with you.  Take just a few moments when you receive a message that doesn’t quite look like a legitimate request to verify with the sender, either with a new e-mail or a phone call, that they were actually asking you to complete this action.

Often times you hear of people wondering exactly why so many security agents and tools are required on computer systems these days.  Threat actors have evolved their methods over the last several years to utilize more advanced intrusion methods that require multiple layers of defense, also known as “defense in depth”.  Let’s take a brief look at how a typical intrusion happens.

Most cyber-attacks begin with a phishing attempt via e-mail.  A phishing e-mail is one that attempts to get an end user to click a link or open an infected e-mail attachment.  These e-mails will normally be composed in a way that makes the reader believe that it is a legitimate e-mail message.  It is extremely important to utilize caution when clicking on links or opening attachments in e-mail messages from individuals you don’t recognize or weren’t expecting.  In most cases it only takes one person, a “patient zero” if you will, for an outbreak to begin.

Once a system is infected it will, either on its own or with instructions from a group of attackers, attempt to spread.  This can occur via several methods including stolen administrative credentials and operating system or application vulnerabilities.  Infected systems may sit quietly without attempting any malicious activity or actively being attempt to capture data, passwords, etc.  The goal of an attacker is to gather as much information as they can without getting caught.

Normal anti-virus protection isn’t enough because most malicious code is what’s known as “zero-day”, meaning that the code was generated the same day it was utilized.  Today, companies use numerous tools installed on computers to help combat these types of attacks.  Modern day security tools monitor registry and operating system file changes.  While these tools may have some impact on the performance of a workstation, they are an extremely valuable resource in being able to detect an infection and decrease response time.

At the end of the day one thing we all have to remember, being a part of any industry, is that protecting our intellectual property is ultimately protecting our customers and fellow employees.

If you want to talk about one of the biggest buzz phrases in technology it would definitely be “the cloud.”  These days, most people seem to feel the term ‘cloud’ is a bit nebulous.  For a little bit of a history lesson, in the earlier days of the internet we typically would refer to the internet itself as “the cloud” due to the fact most people didn’t really know what was between their computer and the website they were trying to reach (nor did you really care as long as you were able to access what you wanted to).  In network diagrams you’ll even see the internet represented as a literal cloud.

Today when you hear “the cloud” it typically refers to a place to store and/or process information somewhere other than your personal computer.  The cloud has further been defined with the addition of “public cloud” or “private cloud.”  A public cloud would be a location that is used by more than one individual or company and is managed by a third party.   A private cloud is hosted by an independent business.  You could technically think of the collection of file servers or SharePoint sites within your company as a private cloud as it is hosted on equipment we own and is operated by your company’s IT department.

Often times I get asked, “Is it safe to store information on the internet/in the cloud?”  Many of the providers of cloud hosting utilize very sophisticated security measures and your data might be even safer in the cloud as compared to just sitting on your home computer.  That being said, utilizing a strong password or a long passphrase is critical to protecting your information.  Avoid putting information on the internet that contains credit card or social security numbers and any other personally identifiable information.  The cloud is great for backing up your digital photos, music, movies, and normal day to day documents and can also allow you to free up disk space on your personal computer.

Please remember, it is may be against your company’s policy to store any company information on one of the publicly available cloud providers such as DropBox, OneDrive, etc.  Cloud storage is a great way to keep backups of the files that are most important to you and free up space on your local computer.

Security, security, security, we hear it all the time, but why has it moved to the forefront more than it has in the past?  I wanted to take an opportunity in this post to dive a little bit deeper into the reasons that so many countermeasures are required these days to protect systems and PC’s from attack. The threat landscape of the individuals and groups on the attack has changed quite drastically in the last 5-10 years.

In the late 1990’s and the early 2000’s, the attackers were mostly what we would refer to as “script kiddies”, basically teenagers with too much time on their hands.  A lot of them were interested in learning programming code and knew they were causing damage but it wasn’t necessarily for ideological or financial motives.

In recent years we have seen a shift to the attackers being mostly rogue organizations or those looking for financial gain.  These groups or individuals are looking for data that can either threaten the national security of a country or to gain information such as credit card or social security numbers that they can either use themselves or sell.  Another difference we see here is that these groups are also usually very well-funded and often have teams of people working to gather the data that they are trying to obtain.

The technology landscape has also changed in recent years and will continue to try to adapt.  Currently numerous security tools are often used to have “defense in depth” but there is hope that the base operating systems, such as Windows, will soon be more secure in the way they function at a basic level severely limiting the methods attackers have to take over an operating system.  The security tools also are evolving to become less impactful to the end user and eventually will have little to no impact on the work that a person does on their PC.

While there are some growing pains and at times some struggles with the measures that are put in place to reduce security threats there is hope for the future of these technologies.

Staying at a job for more than a couple of years in the information technology field is truly an accomplishment these days.  I say these days but for as long as I can remember it’s always seemed like the trend has been between two to four years is the average job span of a person in this field.  Typically you find that most of these constant career changers are looking to work their way up the career ladder or they just aren’t being challenged enough in their current position.

For those blessed to have been with the same company for many years, how do you ensure that you as a person don’t lose your marketability by being at one place too long?  I personally believe staying current on technology is one of the most important things you can do to help your appeal to a new company should the time come whether you voluntarily or involuntarily have to leave your current position.  There are numerous ways you can stay up to date on current technology trends (without spending a dime.)

First, subscribe to company blogs from major technology providers such as Microsoft, Dell, Citrix, and many others.  There are also generic technology sites such as Engadget that can help you get a daily dose of what’s new in the technology world.  Another suggestion along this same line is to create yourself a Google News Alert that searches for certain keywords or company names and can alert you when new posts come out regarding that particular topic.

Secondly, get some refresher training.  The YouTube’s of the world have really changed the way information and instruction becomes available to the world.  There are many smart people out there who just enjoy talking and have posted videos on just about any topic you could possibly want to learn more about.  Microsoft also has free topic driven training available through their Microsoft Virtual Academy online.  Most classes are between one to four hours and really give you focussed training on technologies that Microsoft offers.

My third and final suggestion, write.  One of the main reasons I started blogging was to help keep my creative juices flowing but also it gives you “street credit” if you will among the industry to show that you really are interested in your current career field and gets you thinking about what you can use some of this wonderful technology for.

We all love the convenience of just being able to plug-in our devices to convenient USB ports located on our computers, on airplanes, at airports, or hotels but have you ever stopped to think about what might be on the other side of that USB connection? Up until now an iPhone has not been capable of being infected via a USB connection, unfortunately that has changed. A new malware released on 6-November now has the ability to infect your phone via a USB connection. It’s always a good idea to use extra precautions when connecting to an un-known USB connection. While, to date, no one has infected a smart phone via a public charging station it was however demonstrated at one of the last international hacking conferences that were held. The problem is that someone could easily hide a tiny computer within one of those charging stations that contained malicious code to infect your device. Once someone had access to your device they could potentially track your GPS location, read all your e-mails and text messages, or worse.

While we certainly can’t live our lives in fear over the dangers of technology it is always prudent to be cautious when connecting our devices to an unknown source. I personally shy away from direct USB connections to charging stations or on planes and stick with my USB wall adapter just to err on the side of caution.

One final note, whether you use USB or your wall adapter, never leave your phone unattended.  I see it happen in airports all the time.  While we’d like to believe everyone in the airport is honest, leaving your phone alone at a charging station is just asking for someone to take it.

Source – http://www.engadget.com/2014/11/06/apple-malware/